Page 192 of 1901 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2017-7762 – Mozilla: address bar username and password spoofing in reader mode

https://notcve.org/view.php?id=CVE-2017-7762

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54. Al acceder a él directamente, Reader Mode no eliminó la sección de nombre de usuario y contraseña de las URL mostradas en la barra de direcciones. Esto puede emplearse para suplantar el dominio de la página actual. • http://www.securityfocus.com/bid/99047 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://bugzilla.mozilla.org/show_bug.cgi?id=1358248 https://www.mozilla.org/security/advisories/mfsa2017-15 https://access.redhat.com/security/cve/CVE-2017-7762 https://bugzilla.redhat.com/show_bug.cgi?id=1590493 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-7778 – Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Hay una serie de vulnerabilidades de seguridad en la biblioteca Graphite 2, incluyendo lecturas fuera de límites, lecturas y escrituras por desbordamiento de búfer y el uso de memoria no inicializada. Estos problemas fueron abordados en la versión 1.3.10 de Graphite 2. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://access.redhat.com/errata/RHSA-2017:1793 https://bugzilla.mozilla.org/show_bug.cgi?id=1349310 https://bugzilla.mozilla.org/show_bug.cgi?id=1350047 https://bugzilla.mozilla.org/show_bug.cgi?id=1352745 https://bugzilla.mozilla.org/show_bug.cgi?id=1352747 https://bugzilla.mozilla.org/show_bug • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-5472 – Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en el frameloader durante la reconstrucción de árboles cuando se regenera el diseño CSS al intentar emplear un nodo en el árbol que ya no existe. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99040 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1365602 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2017-7757 – Mozilla: Use-after-free in IndexedDB (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7757

A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en IndexedDB cuando uno de sus objetos se destruye en la memoria mientras un método se sigue ejecutando dentro. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1356824 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2017-7777 – graphite2: use of uninitialized memory "graphite2::GlyphCache::Loader::read_glyph"

https://notcve.org/view.php?id=CVE-2017-7777

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a un uso de memoria no inicializada en la función graphite2::GlyphCache::Loader::read_glyph. The use of uninitialized memory related to "graphite2::GlyphCache::Loader::read_glyph" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways. • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 https://access.redhat.com/security/cve/CVE-2017-7777 https://bugzilla.redhat.com/show_bug.cgi?id=1472225 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-456: Missing Initialization of a Variable •